Appln. No.: 09/874,258

Amendment dated May 24, 2005 

Reply to Office Action of February 24, 2005 

REMARKS/ARGUMENTS 

The office action of February 24, 2005, has been carefully reviewed and these remarks 
are responsive thereto. Claims 4, 12, 20, 24, 28, 30-32, 46-47, 50, 60, 63, 71, and 75 have been 
amended to clarify the scope of protection. Claims 27, 42-45, and 79-82 have been canceled
without prejudice or disclaimer. Claim 83 has been added. Claims 1-26, 28-41, 46-78, and 83 
remain pending in this application. Reconsideration and allowance of the instant application are 
respectfully requested. 

Claims 46-50 and 56-59 

Claims 46-50 and 56-59 stand rejected under 35 U.S.C. § 102(e) as being anticipated by 
Howard et al (U.S. Pat. No. 6,353,886, hereinafter Howard). Applicant respectfully traverses the 
rejection. 

Applicant's amended independent claim 46 recites, among other features, a virtual 
private network (VPN) device comprising "a memory containing a certificate that has been 
signed by a certification authority... and a processor programmed to receive a request for 
establishing a VPN between the VPN device and a second VPN device." The Action relies on 
Figures 3 and 4 of Howard as anticipating these features of Applicant's claim 46. Specifically, 
the Action relies on the policy database 32 as shown in Figures 3 and 4 of Howard. However, as 
shown in the Figures of Howard, a VPN is not established between the policy database 32 and 
another device. Figure 4 of Howard describes how the policy database 32 is accessed by a 
resource, such as network resource 74, to retrieve an attribute certificate to be used to establish a 
communication path between the resource and another resource. Howard fails to teach or 
suggest a VPN device including, "a memory containing a certificate that has been signed by a 
certification authority... and a processor programmed to receive a request for establishing a VPN 
between the VPN device and a second VPN device," as recited, among other features, in 
Applicant's claim 46. Because Howard fails to teach or suggest every feature of Applicant's 
claim 46, withdrawal of the present rejection is respectfully requested. 

Claims 47-50 and 56-59 are allowable for all the reasons given above concerning their 
respective base claims, and further in view of the novel features recited therein. 

Claims 1, 4-7, 13-16, 21-23, 60, 63-65, and 72-74

Claims 1, 4-7, 13-16, 21-23, 60, 63-65, and 72-74 stand rejected under 35 U.S.C. § 103(a) as 
being unpatentable over Genty et al (U.S. Pat. No. 6,675,225, hereinafter Genty). Applicant 
respectfully traverses the rejection. 

In order to reject a claim as obvious under § 103(a), three criteria must exist: 1) there 
must be some suggestion or motivation, either in the references themselves or in the knowledge 
generally available to one of ordinary skill in the art, to modify the reference or to combine the 
reference teachings; 2) there must be a reasonable expectation of success; and 3) the prior art 
reference(s) must teach or suggest all the claim limitations. See MPEP § 706.02 (j); In re Vaeck, 
947 F.2d 488 (Fed. Cir. 1991).

However, the prior art did not discover or appreciate the problem that is solved by the 
invention. Thus, there cannot be any expectation of success or any reason to modify the 
reference when one does not know that some modification or combination will solve a problem 
that the individual does not know even exists. The Office Action states that it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to "exchange 
the assigned certificates between the first VPN device and the second VPN device in order to 
positively authenticate either end of the communication link before data is transferred." This is 
not a proper motivation, however, but rather is the conclusion the examiner has apparently reached 
after having benefited from reading Applicant's own disclosure, and is thus impermissible 
hindsight. 

The Federal Circuit has repeatedly stated that the limitations of a claim in a pending 
application cannot be used as a blueprint to piece together prior art in hindsight, In re 
Dembiczak, 50 U.S.P.Q.2d 1614 (Fed. Cir. 1999), and that the Patent Office should rigorously
apply the requirement that a teaching or motivation to combine prior art references needs to be 
provided. Id. (emphasis added). Thus, Applicant respectfully submits that there is no
motivation or suggestion to modify Genty as so stated. 

Even assuming that any judgment on obviousness is in a sense necessarily a 
reconstruction based upon hindsight reasoning, as is often argued by the Office, the Office 
Action provides no evidence that the modification takes into account only knowledge which was
within the level of ordinary skill at the time the claimed invention was made, nor does the Office 
Action provide any evidence that the modification does not include knowledge gleaned only 
from Applicant's disclosure. Specifically, the background section of Applicant's written 
description describes one problem sought to be solved by the present invention. Specifically, 
page 5, lines 5 to 7 of Applicant's original written description states, "[b]ecause specific 
parameters about a destination LAN that will be connected through the VPN are required, merely 
trusting the 'other side' to provide the required parameters could result in an invalid range of IP
addresses being provided to a site." This is the same problem that is not addressed in Genty. 
Thus, the modification is an improper modification based on hindsight. 

Still further, the cited portion of Genty merely describes a conventional distributed data 
processing type system. (Col. 3, lines 27-29 and col. 6, lines 35-51). Later portions of Genty 
describe using IP-address-evading snoop avoiders 516 and 518 in gateways 510 and 512 to 
switch between multiple VPN tunnels in a conventional distributed data processing type system. 
(Col. 6, lines 62-67). Genty states that, "[d]igital certificates may also be used to positively 
authenticate either end of the communication link before data is transferred." (Col. 6, lines 49-51).
However, Genty fails to teach or suggest any manner outside of the conventional manner
for authentication. As described in Applicant's original specification, "[f]or the distributed
management approach, each site independently requests a certificate from a certification 
authority for each VPN device that is controlled by the requesting site." (Applicant's original 
written description, page 2, lines 4-6). As such, Genty fails to teach or suggest every feature of 
Applicant's independent claim 1, and Applicant respectfully requests withdrawal of the present
rejection.

Claim 60 includes many of the same features as described above with reference to claim 
1. Thus, for at least the same reasons, Applicant's independent claim 60 is patentably 
distinguishable over the art of record. 

Claims 4-7 and 13-15, as well as claims 63-65 and 72-74, which depend from claims 1 
and 60 respectively, are allowable for all the reasons given above concerning their respective 
base claims and further in view of the novel features recited therein. For example, with respect 
to Applicant's claim 7, the Action cites nothing in support of the feature of, "wherein the
source/destination designation includes a wild card designation." In response, the Action admits,
"Genty fails to disclose the destination designation includes a wild card designation." (Action,
page 5). The Action states,

"However, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to designate the wild card destination just 
in case the designated receiver or destination is unable to receive the data at 
present time and forwarding the received data to its intended destination when 
available to receive the data - thus minimizing the network resources by releasing 
the connection once the data has been delivered to the wild card designation or the 
intended destination." (Action, pages 5-6). 

Again, this is not a proper motivation, however, but rather is the conclusion the examiner has 
apparently reached after having benefited from reading Applicant's own disclosure, and is thus 
impermissible hindsight. There is nothing noted in the Genty reference to conclude such a 
motivation. "Minimizing the network resources" is not a goal of the Genty system. The Genty 
system is concerned with preventing eavesdropping snoops from obtaining data being transmitted
in a VPN. There is nothing in Genty to glean such a motivation as stated in the Action. As such, 
Applicant's claim 7 is not taught or suggested in Genty. 

To the extent independent claim 16 has the same or similar features as independent 
claims 1 and 60 discussed above, the reasons differentiating those claims from Genty apply to 
claim 16 as well. Accordingly, claim 16 is patentably distinguishable from Genty. 

Claims 21-23, which depend from claim 16, are allowable for all the reasons given above 
concerning their respective base claims and further in view of the novel features recited therein. 

Claims 2-3, 8-12, and 17-20 

Claims 2-3, 8-12, and 17-20 stand rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Genty in view of Howard. Applicant respectfully traverses the rejection. 

Dependent claims 2-3, 8-12, and 17-20, which depend from claims 1 and 16 respectively, 
are patentably distinct over the art of record at least for the same reasons as their base claims and 
further in view of the novel features recited therein. For example, with respect to Applicant's 
claim 8, the Action is silent as to how Genty, either alone or in combination with Howard,
teaches or suggests, "a step of verifying at the first VPN device the second signed certificate
having at least one verified VPN parameter for the second VPN device." Applicant submits that 
neither Genty nor Howard, either alone or in combination, teaches or suggests at least this 
feature of Applicant's claim 8. 

Claims 24-33, 36-39, 41, 46, and 75-78

Claims 24-33, 36-39, 41, 46, and 75-78 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Genty in view of Muniyappa et al (U.S. Pat. No. 6,092,200, hereinafter 
Muniyappa). Applicant respectfully traverses the rejection.

The prior art did not discover or appreciate the problem that is solved by the invention. 
Thus, there cannot be any expectation of success or any reason to modify the reference when one 
does not know that some modification or combination will solve a problem that the individual 
does not know even exists. The Office Action states that it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to "provide the teaching of 
Muniyappa in the system taught by Genty in order to provide a secure communication tunnel 
over the public network thus the first VPN device and the second VPN device can positively 
authenticate either end of the communication link before data is transferred." (Action, Page 10).
This is not a proper motivation, however, but rather is the conclusion the examiner has apparently 
reached after having benefited from reading Applicant's own disclosure, and is thus impermissible 
hindsight. This statement provides no motivation in either reference to combine the two. Thus, 
Applicant respectfully submits that there is no motivation or suggestion to modify Genty as
so stated. 

Even assuming without admitting that the combination of Genty and Muniyappa is 
proper, the combination of references fails to teach or suggest every feature of Applicant's claim 
24. The features of canceled dependent claim 27 have been incorporated into amended 
independent claims 24 and 75. Amended independent claims 24 and 75 each recites, among 
other features, "exchanging the signed certificate with another VPN device at a selected 
telecommunications network address." The Action cites no portion of Genty or Muniyappa as 
teaching or suggesting this feature. As recited in column 5, lines 53-57 of Muniyappa, "[e]ach
node queries the certification authority to receive the public key by providing the certification
authority with the master's address information so that the certification authority can look-up the 
appropriate public key for the master based upon its address information." As stated above with 
respect to Applicant's claims 1 and 60, Genty fails to teach or suggest any manner outside of the
conventional manner for authentication. As described in Applicant's original specification, 
"[f]or the distributed management approach, each site independently requests a certificate from a 
certification authority for each VPN device that is controlled by the requesting site." (Applicant's 
original written description, page 2, lines 4-6). Muniyappa fails to cure the deficiencies of Genty 
to teach or suggest, "exchanging the signed certificate with another VPN device at a selected 
telecommunications network address." Accordingly, amended independent claim 24 is 
patentably distinct from the art of record and withdrawal of the rejection is respectfully 
requested. 

Claim 75 includes many of the same features as described above with reference to claim 
24. Thus, for at least the same reasons, Applicant's independent claim 75 is patentably distinct 
over the art of record. 

Claims 25-33, 36-39, and 41 and 76-78, which depend from claims 24 and 75 
respectively, are allowable for all the reasons given above concerning their respective base 
claims, and further in view of the novel features recited therein. 

With respect to Applicant's claim 46, the Action, on page 13 appears to include language 
and terms not found in the claim. Applicant believes this entry addressing claim 46 is an error in 
light of the fact that claim 46 is already addressed with respect to the Howard reference. With 
respect to the Genty and Muniyappa references, Applicant respectfully requests clarification of 
this rejection if the Action did intend it. 

Claims 34-35, 40, and 51-55 

Claims 34-35, 40, and 51-55 stand rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Genty in view of Muniyappa and further in view of Howard. Applicant respectfully traverses
the rejection. 

Dependent claims 34-35, 40, and 51-55, which depend from claims 24 and 46
respectively, are patentably distinct over the art of record at least for the same reasons as their 
base claims and further in view of the novel features recited therein. For example, with respect 
to Applicant's claim 54, the Action cites nothing in support of the feature of, "wherein the 
source/destination designation includes a wild card designation." In response, the Action admits 
that the combination of three references, "Genty-Muniyappa-Howard fails to disclose the 
destination designation includes a wild card designation." (Action, page 17). The Action applies 
the same reasoning as described above with respect to Applicant's claim 7. For at least the same 
reasons as stated above with respect to Applicant's claim 7, Applicant's claim 54 is not taught or 
suggested in the combination of Genty-Muniyappa-Howard.

Claims 61-62 and 64-71 

Claims 61-62 and 64-71 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Genty in view of Howard. Applicant respectfully traverses the rejection.

Dependent claims 61-62 and 64-71, which depend from claim 60, are patentably distinct 
over the art of record at least for the same reasons as their base claims and further in view of the 
novel features recited therein. For example, with respect to Applicant's claim 67, the Action is
silent as to how Genty, either alone or in combination with Howard, teaches or suggests, "a step
of verifying at the first VPN device the second signed certificate having at least one verified 
VPN parameter for the second VPN device." Applicant submits that neither Genty nor Howard, 
either alone or in combination, teaches or suggests at least this feature of Applicant's claim 67. 

New Claims 

Applicant has added new claim 83, supported by the specification as filed. No new matter 
has been added. 

CONCLUSION

All rejections having been addressed, Applicant respectfully submits that the instant 
application is in condition for allowance, and respectfully solicits prompt notification of the 
same. However, if for any reason the Examiner believes the application is not in condition for 
allowance or there are any questions, the examiner is requested to contact the undersigned at 
(202) 824-3155. 

Respectfully submitted, 
BANNER & WITCOFF, LTD. 



Dated this 24th day of May, 2005 



1001 G Street, N.W. 
Washington, D.C. 20001-4597 
Tel: (202) 824-3000 
Fax: (202) 824-3001 



By: John VL Fleming, Registration No. 56,536